Lately I have heard several versions of this statement. In July a registrar said something close to the following to me:

The company let go of all the bad (convicted felon) programmers and they have fixed all the problems with the machines.

Last week a local monthly paper had this to say in an editorial:

Potential glitches uncovered by the University of Connecticut Voting Technology Research Center in 2006 have been remedied. – Glastonbury Life

The security holes discovered by UConn have not been fixed.We are using the same version,1.96.6, of the software that UConn tested. The state requires that all software versions be certified by the Secretary of the State before they are used in our elections. Thus far 1.96.6 is the only version that has ever been certified in Connecticut. Time is running out for a coordinated update of machines before the November 6th election.

California Secretary of the State, Debra Bowen, commissioned an extensive review of voting machines. In addition to a review similar to UConn’s, Bowen had several teams investigate the object code, the source code, and the documentation. The result was confirming the problems found by UConn and articulating many additional vulnerabilities. In the case of the Diebold AccuVote-OS, the machine used in Connecticut, the version tested was 1.96.6. Secretary Bowen decertified the Diebold AccuVote-OS and that version of the software.

Diebold has created later versions of the software which it claims fix a fraction of the vulnerabilities cited by UConn and California. Such versions have yet to be certified by California or Connecticut. They fall far short of fixing the cited vulnerabilities.

The Connecticut Secretary of the State’s office has been working to improve election procedures, including security, with each election cycle. These procedures make it increasingly difficult for individuals to compromise the optical scanner and its memory card once they have been programmed and shipped. If the procedures are followed. However, history has shown that procedures are often ignored or violated, even in Connecticut. Even without security lapses it is possible that unscrupulous individuals could circumvent “tamper proof” seals or locked storage areas. Elections are costly affairs with millions spent by individual campaigns often financed by interests that would willingly contribute huge additional sums beyond the legal limits. If CIA and FBI agents successfully perform undetected sneak and peek operations, so can others with similar skills.

Fixing all the known software vulnerabilities is a significant undertaking. At a minimum it would require a complete redesign and rewriting of the entire software system. Even if that were accomplished the election would still be at the mercy of those who have access to the memory cards to program each election.

In Connecticut we have entrusted that programming to employees of LHS, our Diebold distributor. They program the memory cards out of public view, in Massachusetts. As yet there is no effective security in place to monitor their activities or to reliably check that they have programmed the cards correctly, have not taken advantage of a known vulnerability, or introduced a new software trick. Computer Scientists and the Brennan Center agree that the programming of the cards by insiders is the biggest vulnerability.

Finally, as we have said many times, no matter how good the programs, no matter how good the procedures, the only way to detect errors and deter fraud is sufficient post-election random audits.